Facebook is to pay a $5bn fine to settle privacy concerns, the US Federal Trade Commission (FTC) has announced.
The social network must also establish an independent privacy committee that Facebook’s chief executive Mark Zuckerberg will not have control over.
The FTC had been probing allegations political consultancy Cambridge Analytica improperly obtained the data of up to 87 million Facebook users.
The probe then widened to include other issues such as facial recognition.
The social network also fell foul of the regulator by not revealing that phone numbers collected for two-factor authentication would be used for advertising.
The FTC ruled that certain Facebook policies violated rules against deceptive practices.
The $5bn fine is believed to be the biggest ever imposed on any company for violating consumers’ privacy. It is also almost 20 times greater than the largest privacy or data security penalty ever imposed worldwide.
The consumer protection agency the FTC began investigating Facebook in March 2018 after it was revealed that personal data was illegally harvested from an online personality quiz and sold to Cambridge Analytica, which may have used it to influence the outcome of the US 2016 presidential election or the UK Brexit referendum.
Although only 270,000 people took the quiz, whistleblower Christopher Wylie alleges that the data of some 50 million users, mainly in the US, was harvested without their explicit consent via their friend networks.
FTC representatives from all US political parties voted the settlement deal through, despite concerns from Democrats that the fine was not big enough and that the settlement did not go far enough.
In a post on Facebook, Mr Zuckerberg said that the firm would be making structural changes to how its products were built and how the company is run.
Privacy practices would now be headed by a new chief privacy officer for products.
“We have a responsibility to protect people’s privacy,” Mr Zuckerberg wrote.